Will Drewry of the Google Security Team reported several flaws in the way libvorbis processed audio data. An attacker could create a carefully crafted OGG audio file in such a way that it could cause an application linked with libvorbis to crash, or execute arbitrary code when it was opened. (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423, CVE-2008-2009)

Moreover, additional OGG file sanity-checks have been added to prevent possible exploitation of similar issues in the future.

Users of libvorbis are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date